Skip to content

encryption

A pinch of salt – Encrypt WAL-G PostgreSQL backups

WAL-G is a widely known backup software for Postgres databases. One of it’s features is to backup to S3 storage out of the box. Also it’s capable to encrypt those backups and WAL archives with several encryption methods (e.g. libsodium). Since WAL-G is implemented within the Zalanndo Spilo image and therefore deployed by default with the Zalando Postgres Operator on Kubernetes, I had a deeper look on how to get encrypted backups implemented there, cause this is not documented well.

Read More »A pinch of salt – Encrypt WAL-G PostgreSQL backups

Let’s keep this our secret – Transparent Git encryption using git-crypt

Storing sensitive or secret information within a Git repository is never a good idea, at least as long as you do it unencrypted. Whoever has access to the Git repository, can view and change this sensitive data. Storing encrypted data within a Git repo has also the downside, that you need to decrypt it while you want to work with the data and you have to remember to reencrypt it, before pushing it back again. Here comes git-crypt into play. Git-crypt gives you a transparent method to de- and encrypt data during pulling and pushing from or to your Git repository.

Read More »Let’s keep this our secret – Transparent Git encryption using git-crypt

Alles sicher – Kubernetes Secrets verschlüsselt speichern mit “Sealed Secrets”

Kubernetes Secrets sind ein einfacher Weg um Konfigurationen oder Parameter in Kubernetes zu speichern um sie in den Pods / Containern wiederzuverwenden. Allerdings täuscht der Name Secret, ein Secret wird nicht verschlüsselt und sicher Kubernetes abgelegt sondern lediglich kodiert. Eine dekodierung ist jederzeit möglich. Das gilt für das Manifest als auch für die Secret Ressource im Cluster. Mit Sealed Secrets können wir zumindest die Informationen im Manifest verschlüsseln um sie z.B. in einem Git Repository sicher zu speichern.

Read More »Alles sicher – Kubernetes Secrets verschlüsselt speichern mit “Sealed Secrets”